receives compensation from some of the companies listed on this page. Advertising Disclosure


CrowdStrike Falcon Review

Brian Nadel

With an a la carte approach to cybersecurity, CrowdStrike's Falcon gives small businesses the ability to pick and choose the coverage they need and can afford. Its multilayered approach protects against today's most dangerous attacks with machine learning, advanced intelligence and behavioral analysis. It can be administered locally or managed by CrowdStrike and easily deployed to new employees. 

CrowdStrike Falcon

CrowdStrike Falcon

The Verdict

By overlapping several security layers, CrowdStrike Falcon not only allows you to choose your level of protection, but it can block threats and defend against hackers, data thieves, and ransomware without putting undue restrictions on your company.

View all of our endpoint detection and response software reviews on our best picks page. 

The Falcon program employs CrowdStrike's sandbox to safely try out suspect software and its lightweight single agent to defend your digital assets. While it does without traditional viral scanning and can't plant decoys, Falcon can dissect an attack, and its Breech Prevention Warranty can cover damages your company incurs in the case of a successful hack. 

Endpoint Detection and Response Features

In business for eight years, CrowdStrike puts it all together to protect small businesses without slowing them down. CrowdStrike is used by companies of all sizes, from those with fewer than 100 endpoints to major corporations with 500,000 employees. 

Its menu of services allows you to customize your protection by picking and choosing your features, without overpaying for parts your company doesn't want or need. The Prevent and Insight modules combine to fully protect small companies from the worst the web can throw at them. Prevent uses machine learning and behavioral analysis techniques to detect and mitigate attacks, while Insight adds endpoint detection and recovery analytics to pick apart an attack. CrowdStrike's other modules include Falcon X (integrated threat intelligence), Falcon Device Control (for USBs), Spotlight (vulnerability management) and Discover (IT hygiene). 

CrowdStrike's single agent does it all but remains small and light. Employing next-generation antiviral techniques, it can detect phishing attempts, the latest ransomware attacks, slow-acting timebombs, or the combination of several benign acts that add up to a dangerous vulnerability. 

Its behavior-based trigger uses advanced heuristic monitoring and swings into action when it detects a threat. This makes it easier to catch new or quickly changing attack vectors. CrowdStrike makes a point not to slow down systems needlessly, so it does without traditional viral scans. There's also no firewall to fence off your company's computers from a hostile online world. The company will integrate controls for Windows Firewall this spring; it will add Mac and Linux versions later. 

Taking an approach that should appeal to small companies without the staff or inclination to administer their own cybersecurity protection, CrowdStrike Complete does it all. The software is managed online and fully cloud native. It includes the Falcon OverWatch service to investigate any suspected breach. CrowdStrike Complete backs this up with its Breech Prevention Warranty: Any major hack could entitle you to a payment up to the amount of the software's annual license fee. 


The cost of Falcon Enterprise – which includes the Prevent, Insight, Device Control and OverWatch services – comes in at $180 a year for low-volume deployments. However, the price drops quickly with additional clients, and the software is suitable for deployments of up to thousands of seats and can economically remain your cyberthreat protection as your company grows. 

Since Falcon's defenses reside in the cloud, there are no local server fees, as is the case with competitors like FireEye and Microsoft. This makes it easy to update and improve the program, and it provides a convenient place to store the program's telemetry data. CrowdStrike keeps this data for 90 days, but you can have it transferred to your company for in-house retention or stored longer by CrowdStrike for an extra fee. 

Endpoint Protection

The Prevent module is the heart of Falcon's protection. Its next-gen antivirus starts with behavioral analysis of everything that every company computer does, looking for early indicators of attack. Prevent can find threats that others miss, and the software doesn't need to have seen the exploit before to protect against it. 

When Falcon encounters a potential threat, its code goes to Falcon's sandbox, where it can be safely executed and studied. In a matter of minutes, Falcon's deep analysis of the suspicious program's telemetry data formulates an automatic response that it distributes to all company computers. In a process like a flu vaccination, this response gives your business a certain level of immunity to the threat. 

The Insight software dovetails this with full attack visibility and automatic alerts, intelligently prioritizing malicious behavior so as not to overwhelm the administrator. There's the expected timeline of actions that resulted in the break-in, but Insight can associate them with different aspects of the computer's operations, like networking or files under attack, to unravel a complex attack. 

Your IT administrator can use CrowdStrike's MalQuery at any time to search your company's entire array of connected systems within a minute or two. In addition to looking for certain code strings, the search can involve contact with specific IP addresses and even types of attacks. Unlike some of its competitors, though, CrowdStrike doesn't take the extra step of offering an Apple Watch app that summarizes potential problems. 

The CrowdStrike agent not only makes deployment easy with a single email but doesn't require a computer restart after installation. The agent works with PCs, Macs, Linux systems, iPads, iPhones, and Android tablets and phones. While there's no specific version for Chromebooks, the Android version should work on Intel-based models. 


Designed to reduce alert fatigue, the Falcon dashboard prominently shows the latest vulnerability detections. Its new CrowdScore feature summarizes the program's recent findings across your company with a number between 0 (totally safe) and 100 (under attack), so you'll know if you should relax or heighten your company's security stance without constantly receiving notifications from the software. 

Bright and colorful, the interface has a column of activities that include the Spotlight vulnerability management app and the MalQuery virus search. Below this is a set of bar graphs that show Falcon's detections based on tactic, which might help you see a hidden pattern. 

The beauty is that a click on any element brings up all the detail a malware investigator could ever want. The available data includes the type of attack, its host IP address, the hash presentation of the code and more. 


Falcon includes 24/7 support from CrowdStrike's Sunnyvale, California headquarters to help with the software's operations and attacks. The Support section offers tips for virus response as well as portals to communicate with the company. 

There are three levels of customer support. The Standard tier is automatically included with CrowdStrike's products, offering email support for most items and phone help for critical problems. The Express/Essential level adds priority service and an account manager. At the top is Elite support, which includes onsite visits from CrowdStrike and advice on how to best use Falcon. 

CrowdStrike's OverWatch team is ready to assist during an attack, but this service could cost extra. The team can tear apart a new exploit or alert you to a hidden attack that is slowly gathering strength on your company's computers. They think like hackers and proactively hunt threats so that the methods are known to them when a hacker strikes.  

If you choose the CrowdStrike Complete option, CrowdStrike's experts act as consultants to create a plan that protects your entire company from cyberattacks. They can assist with design, setup and management of the system, and they offer an after-the-fact investigation process with remediation.

Image Credit: Getty Images
CrowdStrike Falcon

CrowdStrike Falcon

The Verdict

By overlapping several security layers, CrowdStrike Falcon not only allows you to choose your level of protection, but it can block threats and defend against hackers, data thieves, and ransomware without putting undue restrictions on your company.

Brian Nadel Contributing Writer
Brian is a technology writer based north of New York City. He writes stories for, Tom's Guide, ComputerWorld and Scholastic Magazines. He is the former editor-in-chief of Mobile Computing & Communications magazine.